The Role of External Mechanisms and Transformational Leadership in Information Security Policy Effectiveness: A Managerial Perspective of Financial Industry in Vietnam
Information security policy (ISP) violations are one of the biggest concerns for all organisations around the world, resulting in billions of direct and indirect losses, especially in the financial industry. While different justifications can be made to explain the performance of ISP, the low-level commitment of senior management and inadequate enforcement mechanisms are regarded as the critical factors leading to ISP inefficiency and breaches in organisations. The extant literature has argued that senior managers and their leadership style play a crucial role in enforcing employees’ compliance with ISP. However, previous research has mostly investigated the behavioural aspects of ISP compliance at the individual level and there has been a lack of investigation on the effectiveness of ISP from managerial and organisational perspectives. Thus, this study investigated the predictors of ISP effectiveness by 1) examining the effect of external mechanisms on the motivation of senior management commitment and 2) evaluating the influence of transformational leadership on the enforcement of organisational ISP. Drawing on neo-institutional theory, this research investigated the influence of external mechanisms – coercive, mimetic, and normative – on the effectiveness of ISP through the mediator role of senior management participation in ISP. Applying the transformational leadership framework, this study also evaluated the impact of transformational leadership on ISP effectiveness through the mediating effect of ISP enforcement. The proposed research model was implemented using field survey data of 207 professional managers in the financial sector. Partial least squares structural equation modelling (PLS-SEM) was used to test the proposed hypotheses. The results reported that coercive and mimetic mechanisms positively influence senior management participation in ISP, which eventually leads to a higher level of ISP effectiveness in an organisation.
It was also found that ISP enforcement mediates the relationship between transformational leadership and ISP effectiveness in an organisation. This study provides theoretical and practical contributions. Drawing on neo-institutional theory and the transformational leadership framework, this research produced an integrated theoretical model to understand ISP effectiveness. Moreover, this study broadens current ISP research from an individual level to a managerial perspective. The research findings enhance the existing literature of neo-institutional theory and extend transformational leadership studies in the context of ISP effectiveness within organisations. In practical terms, this study provides organisations and senior managers with a better understanding of the influencing factors in the external environment that affect organisational decisions. Organisations might find it useful to evaluate and take advantage of those mechanisms to motivate the commitment of senior managers in ISP, which will in turn contribute to ISP management. Furthermore, this study indicates the importance of senior managers’ leadership skills in promoting ISP enforcement and ISP effectiveness. This finding might help organisations in examining senior managers’ competency and in constructing a human resources development plan.